package com.cskaoyan.config;

import com.cskaoyan.shiro.AdminRealm;
import com.cskaoyan.shiro.CustomSessionManager;
import com.cskaoyan.shiro.WxRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.ArrayList;
import java.util.LinkedHashMap;

@Configuration
public class ShiroConfig {

    // ShiroFilterFactoryBean
    @Bean
    ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        //认证失败后重定向的url
        shiroFilterFactoryBean.setLoginUrl("/admin/auth/login");
        //最重要的事情
        //对请求过滤 filter
        //key 请求url value对应的是过滤器
        LinkedHashMap<String, String> map = new LinkedHashMap<>();
        // 不需要认证的资源
        map.put("/admin/auth/login","anon");
        map.put("/wx/auth/login","anon");

        map.put("wx/search/clearhistory", "authc");
        map.put("wx/feedback/submit", "authc");
        map.put("/admin/**","authc");
        map.put("/wx/order/**","authc");

        //当你分配了perm1的权限时才能访问need/perm这请求
        //filterMap.put("/need/perm","perms[perm1]");
        //优选的方式是声明式
        //filterMap.put("/auth/logout","logout");

        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
        return shiroFilterFactoryBean;
    }

    //shiro核心组件 SecurityManager
    @Bean
    public DefaultWebSecurityManager securityManager(AdminRealm adminRealm,
                                                     DefaultWebSessionManager sessionManager,
                                                     CustomAuthenticator customAuthenticator){
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setRealm(adminRealm);
        defaultWebSecurityManager.setSessionManager(sessionManager);
        defaultWebSecurityManager.setAuthenticator(customAuthenticator);
        return defaultWebSecurityManager;
    }

    // DefaultWebSessionManager
    @Bean
    public DefaultWebSessionManager defaultWebSession(){
        CustomSessionManager customSessionManager = new CustomSessionManager();
        return customSessionManager;
    }
    /*
     * 声明式鉴权 注解需要的组件 AuthorizationAttributeSourceAdvisor
     * */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager){
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

    /**
     *  自定义认证器
     */
    @Bean
    public CustomAuthenticator authenticator(AdminRealm adminRealm, WxRealm wxRealm){
        CustomAuthenticator customAuthenticator = new CustomAuthenticator();
        ArrayList<Realm> realms = new ArrayList<>();
        realms.add(adminRealm);
        realms.add(wxRealm);
        // 告诉它成员变量
        customAuthenticator.setRealms(realms);
        return customAuthenticator;
    }
}
